The Sysdig Event dissector handles BLOCK_TYPE_SYSDIG_EVENT_V2 and
BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE blocks. Add them to dumpcap's packet
count so that we don't get a "No packets captured." error.
Only reassemble if reply chunk size is non-zero to avoid reassembly
of a single fragment. The RPC-over-RDMA reply has no data when the
reply chunk size is non-zero but it needs to reassemble all
fragments (more_frags = FALSE) in this frame. On the other hand
when the reply chunk size is zero, the whole message is given in
this frame therefore there is no need to reassemble.
dissect_http_message might get called with a nonzero offset into
the tvb if there are multiple messages/segments in a frame. Only
send data starting from that offset to the follow tap, instead of
starting at tvb offset 0. Fix#18006
This program generates complete pcap files containing the proposed U-SIG
radiotap TLVs along with enough else to make it readable. You cannot currently
read such packets with tshark or wireshark until I add U-SIG handling to
Wireshark.
Since TLS uses the TCP multisegment pdus for desegmentation,
use the TCP reassembly functions so that both the first frame
and sequence number are used. Fix#11173 somewhat better than
the previous fix, because it avoids the (unlikely) case of two
different fragments comparing equal when just bit twiddling a
single key.
It's possible to have more than one TCP segment for the same
stream that begins in the same frame when there is encapsulation
(e.g. DVB BaseBand Frames carrying GSE or MPE with IP.)
We always have the tcp_multisegment_pdu when looking up fragments
in TCP, so declare reassembly functions for TCP that accept the
MSP as data, so we can use the starting sequence number of the MSP
to distinguish segments with identical first frames. (Using the
sequence number alone would fail with re-used sequence numbers in
long connections or reused ports, and also have more hash collisions
with relative sequence numbers.) This is analogous to #11173 for
TLS.
Use a list to allow a variable number of jumps, instead of a fixed
count. The flexibility in the number of jumps a given syntax tree
node might need to handle is useful to add new kinds of
operations.
This shared variable hidden behind a macro does not provide any
efficiency gains and just obscures the code. Move the boolean to
the fvalue protocol struct, where it belongs.
Syntax tree nodes can mutate and change type so the caching being used
is keepign a stale representation and printing wrong results. Recreate
the string every time the function is called.
We still store the string pointer in the node to be able to pass a const
char * to the caller without leaking memory, as a convenience.
Add padding bytes as a separate fragment when last fragment's data
is not on a four-byte boundary. The MPA layer removes the padding
bytes from all iWarp Reads and Writes. The iWarp Send messages are
padded correctly.
Fixes#17963.
Add binary tree, request_list, to add rdmap_request_t struct using
the sink steering tag of a tagged message as the key. The request
info is used to map the read response STag to the segment STag and
to map the read response offset to the segment offset.
Since the read chunk message is reassembled in the last read
response, go through all segments to calculate read chunk size
and the received bytes on the last read fragment. If all read chunk
fragments has been added to the reassembly table then complete the
reassembly and return the reassembled buffer.
Related to #17963.
Add struct rdmap_request to save read request info and include it
as read_request in rdmapinfo to pass to payload subdissectors.
Need to populate read request info even if rdma_tree is NULL.
Even though a read request does not have any payload data, call
upper layer dissector for message reassembly.
Related to #17963.
Add function add_iwarp_fragment() to add an iWarp fragment to the
reassembly table and return the reassembled data if all fragments
have been added. Make sure to process RDMA_MSG not only for
Infiniband but for iWarp as well.
Related to #17963.
Add global variable gp_rdmap_info to point to the data parameter
given by parent dissector IWARP_DDP_RDMAP.
Add binary tree, msn_list, to add send_info_t struct using the
message sequence number of an untagged message as the key.
Modify function add_send_fragment() to include iWarp segments.
Message numbers are given by the untagged message offset, thus
the msgno of send_info_t is not used and it is set to 0. Since
message offsets are not consecutive for iWarp, verify there are
no missing fragments by checking the number of bytes added to
the reassembly table.
Also, remove function rpcrdma_initialize()
Related to #17963.
Include last_flag, is_tagged, queue_number, message_seq_num and
message_offset in rdmapinfo to pass to payload subdissectors.
Also, add a typedef for struct rdmapinfo.
Related to #17963.
On the second pass, make sure to get the correct reassembly info
from the packet proto cache. This avoids having add_fragment()
being called again in the second pass since the message id will
be different. Also, do all of the work on add_send_fragment()
and get it ready for iWarp send reassembly.
Related to #17963.
Include the virtual address or offset when searching for the
correct segment. Add the segment info struct to a binary tree
instead of a list to speed up searching for the correct
segment when dealing with large packet traces.
Add binary tree, pns_list, to avoid searching for the segment
and then looking through all requests for the correct request
info for the fragment. This way, the search is done using the
PSN of the read/write fragment to find the correct request
info on a single tree search.
Add another binary tree, msgid_list, to search for all segments
belonging to the same reassembly message id when calculating
if reassembly is really done.
Make sure all read/write reassembly is done on the first pass
only. On the second pass, get the correct reassembly info from
the packet proto cache. This is accomplished in part by removing
get_msg_num function and instead adding add_ib_fragment function.
This function, just calls get_reassembled_data() on the second
pass to make sure all fragments are labeled correctly with
"Reassembled in" message. On the first pass, add the fragment
using either the segment info for a write only fragment or the
request info for any other read/write fragments. This avoids
having to add a request for the write only case since all the
information needed is already in the segment info. The message
number is now easily calculated by making it relative to request
or segment info.
Cache the value returned by get_rdma_list_size() since the
segment info, more specifically rbytes, is not available on the
second pass.
Most of these changes not only deal with the issue to correctly
reassemble chunks when the handle is being reused but it also
prepares common code to add iWarp reassembly.
Fixes#17961.
Fixes#17962.
Related to #17963.
With this new version, packet types are version dependent.
Support for v2-00 has been removed (it has never been used in real
networks and it is incompatible with v2-01)
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets seet in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes#17989.
Add asterisks to doxygen generates for existing
supported_block_type comments.
Add < to #define's so that doxygen associates comments
with the #define above, instead of below.
The type field in the IEC-60870-5-104 header is parsed wrongly. The type is
encoded in the headers third byte: I.e. a U-frame is encoded as xxxxxx11b, a
S-frame as xxxxxx01b and an I-frame as xxxxxxx0b. Yet the current parser reads
the information from the MSB.
João Valverde